grsecurity forums

Dear,

i am new to grsec. i got problem that grsec made iptables ipt_owner modules doesn't work. failed with error:

Code: Select all

root@baron [~]# /sbin/iptables -v -I OUTPUT -p tcp --dport 25 -m owner --uid-owner 0 -j ACCEPT
ACCEPT  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  tcp dpt:25 OWNER UID match 0
iptables: Unknown error 4294967295


i've tried to choose compile [y] and module [m] in the kernel config. both didn't work. I've tried vanilla kernel in rpm.cormander.com too, but still didn't work. i am clueless, is it grsec issue or iptables issue ?

OS: Centos 5.4
Kernel: 2.6.32.10
grsec: grsecurity-2.1.14-2.6.32.10-201003211638.patch

I am able to reproduce this on a CentOS 5.4 box booting the vanilla kernel 2.6.32.10. This indicates that it's not a grsecurity problem.

I am not able to reproduce this problem on a Fedora 10 machine. So I had a look at iptables version:

Centos: iptables-1.3.5-5.3
Fedora 10: iptables-1.4.3.2

I downloaded the latest src.rpm for iptables from Fedora 12 (iptables-1.4.5) and recompiled it on the centos 5.4 machine, and installed it. The problem went away.

Yeah! you made my day Mr Henderson... thank you! say my hello to little Hazel

root@baron [~]# uname -a
Linux baron.idwebhost.com 2.6.32.10-grsec-idweb-0.5 #2 SMP Sat Apr 3 13:18:09 WIT 2010 i686 i686 i386 GNU/Linux
root@baron [~]# /etc/csf/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing ipt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK

RESULT: csf should function on this server
root@baron [~]#